Presentation is loading. Please wait.

Presentation is loading. Please wait.

Application of Quantum Cryptography Nov. 2, 2010 Speaker: Chia-Hung Chien 簡嘉宏 Advisor: Sy-Yen Kuo 1.

Similar presentations


Presentation on theme: "Application of Quantum Cryptography Nov. 2, 2010 Speaker: Chia-Hung Chien 簡嘉宏 Advisor: Sy-Yen Kuo 1."— Presentation transcript:

1 Application of Quantum Cryptography Nov. 2, 2010 Speaker: Chia-Hung Chien 簡嘉宏 Advisor: Sy-Yen Kuo 1

2 Outline Quantum Cryptography in Network – BBN, SECOQC, Tokyo Application – Indirect QKD, Cloud Computing – Commercial product – Real application 2

3 BB84 Alice sends Bob a stream of photons which have been randomly polarized to one of four states (0 o,45 o,90 o,135 o ). Bob measures the photons in a random sequence of basis. Alice and Bob publicly announces the sequence of basis they used. Alice and Bob discard the results that have been measured using different basis, the results left can be used to derive a secret key. 3

4 SARG v.s. BB84 Encoding basis – BB84: – SARG: – Quantum phases are the same Strong against PNS attack – non-orthogonal basis { },,,,,, 4

5 Quantum Cryptography in Network Build up a network for distributing secrets out of single point-to-point QKD-Links. Quadratic scaling: O(n 2 ) links for n users 5 Alice Bob Charlie Single QKD-link Additional two QKD-link

6 DARPA Quantum Network First quantum encrypted functional network 6

7 Network Architecture 7

8 SECOQC QKD Network Quantum-Back-Bone (QBB) Network – Deployed for test purposes in Vienna Quantum Access Networks (QAN) – Free space link allows connectivity 8

9 QKD-Link Devices Attenuated Laser Pulses (Id Quantique) Coherent-One-Way (University of Geneva) One-way, decoy states (Toshiba UK) Entangled photons (University of Vienna) Continuous Variables (Prof. Grangier) Access Free Space Link (LMU of Munich) – The “last mile“ (80 m, >10kbit/s) 9

10 Quantum Point-to-Point Protocol The interface to ensure seamless integration and interoperation between different QKD- Links and node module Quantum Point-to-Point Protocol (Q3P) offers – Authentication and encryption services – Point-to-Point protocol between QBB nodes – Manage key storage 10

11 QKD-RL and QKD-TL The QKD Routing Layer (QKD-RL) Protocol – Manage the routing information – Sensitivity and relative scarceness of key material The QKD Transport Layer (QKD-TL) Protocol – Dealing with highly congested networks – Exchange confidential and authentic information across the network 11

12 Examples 12

13 Tokyo QKD Network NEC, Mitsubishi Electric, NTT, NICT, Toshiba Research Europe Ltd. (UK), ID Quantique (Switzerland) All Vienna (Austria) 13

14 Network Layout Make use of JGN2plus Star network Koganei Hakusan Otemachi Hongo 14

15 Network Layer Structure 15

16 Network Layer Quantum Layer – QKD Devices generate quantum keys via a point- to-point connection Key Management (KM) Layer – KM agents collect and store the key – KM server monitors the amount of key in each agent and supervises the overall key distribution Communication Layer – Using distributed keys for encryption and decryption of text, audio or video data 16

17 Secure Video Conference 17

18 Experiments in Chunghwa Telecom 18 F棟F棟 C棟C棟 ST Con. FC Con. ST Con. LC Con. T.L Fiber 5m. 35m. 1.5m. 5m. 35m. 50m. A B C 跳接線 ST FC ST LC ST SDH/DWDM 實驗室 量子實驗室 各3對各3對 50m. ST Con. ST 1.5m. D

19 id Quantique Clavis 19

20 id Quantique Clavis2 Architecture 20

21 A Typical Example 21

22 Phase Coding 22

23 Interferometer with “base” phase shifters 23

24 Other Network Topology Node1 and Node2 can share secret key by QKD channel A Node2 and Node3 can share secret key by QKD channel B Can Node1 and Node3 share a theoretical-secure secret key? Node2 can be trusted or non-trusted 24 channel Achannel Bchannel Cchannel D

25 Quantum Indirect Sharing Key Topology: a quantum mobile device network. Problem: An unsafe routing path for indirect communication. Difference: The deriving process is in the indirect communication. 25 Alice Bob Eve Trusted Third Party

26 The Deriving Procedure 0.Alice and Bob initially share a testing table for verifying the key 1.Dick generates and distributes entangled qubits a)N EPR pairs for deriving key b)N GHZ triplets for verifying key 2.Dick announces a random selection of the bases 3.Alice and Bob can generate a secret key by measurement with the same bases 4.Alice, Bob and Dick verify the key with GHZ triplets 26 Fig. 1: Distribute B, EPR pairs and GHZ states. Bob 12 Alice Dick: Third Party GHZ state EPR Pair Block Transmission BB Charlie Different location on the routing path.

27 Notation First N EPR pairs are denoted by |E  ={|e  1,12, |e  2,12,…|e  n,12 } The N GHZ states are denoted by |G  ={|g  1,345, |g  2,345 …|g  n,345 } The measurement bases is denoted by B=[b1, b2,.., bn], where bi  {0, 1}. 0 means z-basis 1 means x-basis Alice and Bob obtain C=[c 1, c 2,.., c n ] and D=[d 1, d 2,.., d n ] by using B to measure |E  According to the no-deterministic theorem, the measurement process is random so the condition C=D is satisfied 27 Fig. 1: Distribute B, EPR pairs and GHZ states. Bob 12 Alice Dick: Third Party GHZ state EPR Pair Block Transmission BB Charlie

28 The measurement of GHZ Triplet correlation If Alice, Bob and Dick measure their qubit in GHZ triplet with the x-basis, they will get a deterministic result |+x  a |+x  b |+x  d anti-correlation If Alice and Bob measure with the x-basis but Dick measure with the y- basis, they will not get a deterministic result 28 DickAlice Bob +x-x+y-y +x |0  + |1  |0  - |1  |0  - i|1  |0  + i|1  -x |0  - |1  |0  + |1  |0  + i|1  |0  - i|1  +y |0  - i|1  |0  + i|1  |0  - |1  |0  + |1  -y |0  + i|1  |0  - i|1  |0  + |1  |0  - |1  Table 1: Correlation and anti-correlation of quantum secret sharing

29 Verify the Key Alice measure with x-basis if c i =0, but Bob measure with y-basis if d i =0 For c i =0 and d i =0, the measurement bases of Alice, Bob and David are corresponding to x-basis, y-basis and y-basis. Four possible results are 001,111, 010 and 100. After Alice and Bob announce their measurement outcome, Dick accumulates the outcome to verify the key. 29 ConditionAliceBobDickResultsOdd Verify c i =0 & d i =0xyy001,111,010,100yes Correct c i =1 & d i =1yxy001,111, 010,100yes Correct c i =0 & d i =1xxy00x,11x,01x,10xx Error c i =1 & d i =0yyy00x,11x, 01x,10xx Error Table 2: Testing table for GHZ state C=D CDCD

30 30 Summary To generate a quantum key is random, because the measurement outcome of EPR pairs is random. We do not need to transmit classical information and quantum information for generating a quantum key. The topology is indirect communication that can satisfy with the mobility of the quantum mobile devices.

31 Quantum Transmission Mechanism for Detection Quantum information may be attacked by eavesdroppers and malicious nodes on the routing path. This new mechanism can transmit quantum message and detect malicious node at the same time. 31 Alice BobCharlie Detection Mode Message Mode Honest?

32 The Mechanism 1.Initially, Alice and Bob share a quantum verification table. 32 |  123 N1N2N3N1N2N3 Sequence |000  b1b2b3b1b2b |001  b1b2b1b1b2b |010  b1b2b1b1b2b |011  b1b3b2b1b3b |100  b2b1b3b2b1b |101  b2b3b1b2b3b |110  b3b1b2b3b1b |111  b3b2b1b3b2b |  123 denotes index for handshaking between Alice and Bob N 1 N 2 N 3 denote the measurement bases corresponding to Alice, Charlie and Bob The sequence denotes the mode of qubits transmitted to Bob 0 represents for detection mode 1 represents for message mode

33 The Mechanism 2.In detection mode, Alice will generate three entangled qubits denoted by |  123, and send |  23 to Charlie. Charlie pass |  3 to Bob. 3.In message mode, Alice will encode message in |  5 and send |  45 to Charlie. Charlie pass |  5 to Bob. 33 AliceBobCharlie Quantum Verification Table Detection mode Message mode Symbos 1, 2 and 3 denote entangled qubits for detection mode Symbos 4 and 5 denote superposition qubits for message transmission

34 The Mechanism 4.According to the content of N 1 N 2 N 3, Bob sends the measurement basis to Charlie 5.Charlie sends his measurement outcomes to Alice and Bob 6.Alice and Bob perform the verification on the bits of detection mode to check whether Charlie is honest or not 7.If Charlie is honest, Bob can accepts the message encoded in the bits of message mode Otherwise, the transmission is stopped. 34

35 35 Detection and message modes |  123 N1N2N3N1N2N3 Sequence |000  b1b2b3b1b2b |001  b1b2b1b1b2b |010  b1b2b1b1b2b |011  b1b3b2b1b3b |100  b2b1b3b2b1b |101  b2b3b1b2b3b |110  b3b1b2b3b1b |111  b3b2b1b3b2b Quantum Verification Table AliceBobCharlie Quantum Verification Table 1.Send qubits 2.Announce Bases 3.Announces outcomes 4.Verify Result

36 36 Summary The intermediate node has no capability to differentiate which qubit belongs to quantum superposition or quantum entanglement. The intrusive behavior from malicious node can be detected. So the security of transmission integrity can be achieved.

37 Quantum Private Queries Problem: Symmetrically Private Information Retrieval Protect Alice’s privacy and Bob’s information – prevent him from reading her queries without risking capture – prevent her from obtaining more than a few answers for each database query 37

38 Quantum Encrypted Computation Alice needs data f(y), and Bob is the server providing the service. Hermition Matrix is OK Unitary Matrix not sure 38

39 Obstacles of Quantum Cryptography The point-topoint paradigm – Quadratic scaling with the number of users – Dedicated fiber optic line with NO repeaters – Short distance quantum channel – Free air transmission require a clear line of sight The integrability in existing networks – Price and reliability of QKD, missing standards QKD appears to be restricted to a relatively narrow niche market – SmartQuantum in France is bankrupt 39

40 QKD in application Even in applications in which it can be used, it may not be the preferred option for establishing secure communication due to its cost, size, inconvenience and limitation More serious problem – How to deal with side channel attacks in its theoretical proofs of security 40 Adi Shamir’s talk in UQCC 2010

41 QKD for Cloud Computing? Data has to be securely sent for remote processing On an unknown computer At an unknown location Which is typically at a far away location That changes frequently 41 Adi Shamir’s talk in UQCC 2010

42 Today’s Encrypted Networks 42 Red Link Red Physical Red IP Black IP Black Link Black Physical Crypto IPsec Protocol Suite Traffic in the Clear Encrypted & Authenticated Traffic (via IPsec) Traffic in the Clear Encrypted & Authenticated Traffic (via IPsec) VPN Endpoint VPN Endpoint Private Enclave Private Enclave End-to-End Key Distribution by Courier or Mathematics End-to-End Encrypted Traffic Black Link Black Physical Black IP Red IP Red Link Red Physical Crypto IPsec Protocol Suite

43 Major Cryptosystems RSA-512 – Invented in 1977, broken by NFS developed 1990 DES – Standardized in 1977, broken by Diff’l Cr in 1990 SHA-1 – Developed in 1992, broken by Wang in 2005 AES-256 – Developed in 1996, broken at Asiacrypt 2009 KASUMI – Proposed at FSE 1997, broken at Crypto

44 Future Secure Communication Dedicated high-end symmetric encryptors with frequent key change Fresh key being constantly generated by QKD devices 44 Information is physical -- Rolf Landauer

45 Commercial QKD 45 MagicQ

46 id Quantique id Quantique (IDQ) created in Geneva in 2001 Product – Centauris: high-speed layer 2 encryption – Cerberis: high-speed encryption based on the proven Advances Encryption Standard (AES) – Clavis 2 : QKD devices 46 Centauris Cerberis Clavis 2

47 MagiQ Founded in 1999, U.S. owned and private Spectrum: 10 Tech Companies for the Next 10 Years Customers 47

48 Swiss election in Geneva First real-world use of quantum cryptography (Oct 2007) Using Commercial Quantum Cryptography System (Cerberis ) by id Quantique Secure the relay of sensitive election data 48

49 2010 FIFA World Cup Durban, South Africa – The first use of ultra secure quantum encryption at a world public event 49

50 Quantum Key in Mobile 50

51 Satellite Communication 51

52 Conclusion The cost for QKD is high, but it is worth Short-term challenges and long-term challenge are quite different – Short-term: integrate QKD in classical networks – Long-term: quantum repeaters, apply in outer space Quantum cryptography can be combined with modern cryptography to realize a sound and practical security 52

53 53 Thank you for your attention

54 A target market of quantum based communication solutions for organizations with distributed subsidiaries/facilities such as governmental institutions, companies and banks is envisaged 54

55 Network nodes are considered to be situated in secure locations and are connected by QKDLinks. 55

56 Reference SARG04: V. Scarani et al., PRL 92, (2004) Peev M et al 2009 The SECOQC quantum key distribution network in Vienna New J. Phys

57 DARPA Quantum Network First quantum encrypted functional network 57 BBN lab Harvoard U Boston U

58 Outline Quantum Cryptography Protocol – BB84, SARG Quantum Cryptography in Network – Tokyo, SECOQC, BBN Commercial Product – IdQuantique, MagiQ, Smart Quantum Application – Indirect, Cloud Computing, Real Application 58


Download ppt "Application of Quantum Cryptography Nov. 2, 2010 Speaker: Chia-Hung Chien 簡嘉宏 Advisor: Sy-Yen Kuo 1."

Similar presentations


Ads by Google